1. #1
    Sencha Premium Member lorezyra's Avatar
    Join Date
    Dec 2007
    Location
    Japan -- 日本
    Posts
    586
    Vote Rating
    6
    lorezyra will become famous soon enough

      0  

    Default Ext.util.base64

    Ext.util.base64


    I'm curious as to why there are no utility functions for base64/AES/etc in ExtJS.

    I know that we should use HTTPS to ensure encryption between client/server.
    However, I want to add another layer of security above that.
    Simply put, I don't trust that HTTPS is 100% infallible. Especially when things like HeartBleed and potential back-doors are intentionally written into the security protocols (think big-gov or NSA).


    There are too many news reports where the DB was compromised and user data stolen. I use multiple layers of ciphers and one-way salts for sensitive data. This may be overkill, but better than being liable for millions of dollars.


    So... Why do we have no utility classes for ciphers and encryption? There are plenty of singleton JavaScript libraries out there. Why not for ExtJS as well?
    Perfection as a goal is a nice idea that can point one in a specific direction. However, since "perfection" is an ever changing (evolving?) and moving target, one must admit that perfection can never be obtained...

    When in doubt, check the d4mn source code!

  2. #2
    Sencha - Support Team
    Join Date
    Feb 2013
    Location
    California
    Posts
    3,116
    Vote Rating
    59
    Gary Schlosberg has a spectacular aura about Gary Schlosberg has a spectacular aura about Gary Schlosberg has a spectacular aura about

      1  

    Default


    It sounds like you have already found solutions, but at the risk of being redundant, here's a link that might help:
    http://ntt.cc/2008/01/19/base64-enco...avascript.html

    As far as a built-in solution, I know of none currently, but you can file a Bug (indicating that it is a Feature Request) and I can submit a request to our developers on your behalf so that a future addition will be considered.
    Are you a Sencha products veteran who has wondered what it might be like to work at Sencha? If so, please reach out to our recruiting manager: sheryl@sencha.com

  3. #3
    Sencha - Ext JS Dev Team evant's Avatar
    Join Date
    Apr 2007
    Location
    Sydney, Australia
    Posts
    16,662
    Vote Rating
    584
    evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute

      2  
    Evan Trimboli
    Sencha Developer
    Twitter - @evantrimboli
    Don't be afraid of the source code!

  4. #4
    Sencha Premium Member lorezyra's Avatar
    Join Date
    Dec 2007
    Location
    Japan -- 日本
    Posts
    586
    Vote Rating
    6
    lorezyra will become famous soon enough

      0  

    Default


    Quote Originally Posted by evant View Post
    The crux of the argument is: "It's the browser, stupid!" (Not the closed and "secure" server environment.)

    Even the crypto modules for Node.JS are written in C/C++. I agree that the browser is hardly the best place to solely rely upon encryption between the client and server. It does, however, make a *cheap* proof-of-concept environment for mathematical cryptos.


    For my use case, I have the base64, which I can use to verify paths between server and client. And it's that extra layer that I can prove to customers that assures them that I have their security in mind. (This on top of the SSL certificate...)


    While I admit my attempts will certainly fail against the determined mind of a willful hacker, it requires that extra bit of skill to break in.
    Perfection as a goal is a nice idea that can point one in a specific direction. However, since "perfection" is an ever changing (evolving?) and moving target, one must admit that perfection can never be obtained...

    When in doubt, check the d4mn source code!

  5. #5
    Sencha Premium Member lorezyra's Avatar
    Join Date
    Dec 2007
    Location
    Japan -- 日本
    Posts
    586
    Vote Rating
    6
    lorezyra will become famous soon enough

      0  

    Default


    FYI: Here's the Git-Hub repo I have just thrown online...
    git@github.com:lorezyra/extjs-crypto.git


    https://github.com/lorezyra/extjs-crypto


    I plan to add MD5, HMAC, SHA to it later...



    **Also added bug report (feature request):
    http://www.sencha.com/forum/showthre...pto-to-library
    Last edited by lorezyra; 18 Apr 2014 at 1:54 AM. Reason: add direct URL to github
    Perfection as a goal is a nice idea that can point one in a specific direction. However, since "perfection" is an ever changing (evolving?) and moving target, one must admit that perfection can never be obtained...

    When in doubt, check the d4mn source code!

Thread Participants: 2